On 2/12/2012 3:00 PM, Patrick Mézard wrote:
For me, a more basic question is whether installing extensions from a fresh Tor install is (sufficiently) safe. I do not know the details of the process but it probably involves some HTTPS connections to addons.mozilla.org. If the exit node can perform MITM attacks on SSL you may end up installing something unwanted. Could the initial setup be made safer, for instance by storing digests of the addons.mozilla.org certificate in Tor bundles at build time and *warn* if they do not match (like a specialized Certificate Patrol would do)? Is it already addressed in Firefox?
Can't checking for addons' "check for updates" be unchecked in Aurora / Firefox Options? As well as for the browser & search plugins? Does that not solve the problem of some addon connecting to MAO during a Tor session?
tor-talk mailing list
